OWASP Project:Secure Coding Quick Reference Guide

09.02.2014 • Views

Share Embed Flag

OWASP Project:Secure Coding Quick Reference Guide

ePAPER READ

DOWNLOAD ePAPER

owasp.org

Create successful ePaper yourself

Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.

START NOW

Extract - Database Security

Use strongly typed parameterized queries

Utilize input validation and output encoding and be sure to address meta characters.

If these fail, do not run the database command

Ensure that variables are strongly typed

The application should use the lowest possible level of privilege when accessing the

database

Use secure credentials for database access

Do not provide connection strings or credentials directly to the client. If this is

unavoidable, encrypted them

Use stored procedures to abstract data access

Close the connection as soon as possible

Remove or change all default database administrative passwords. Utilize strong

passwords/phrases or implement multi-factor authentication

Turn off all unnecessary database functionality (e.g., unnecessary stored procedures

or services, utility packages, install only the minimum set of features and options

required (surface area reduction))

OWASP

Dark Side of Android Applications - owasp

Privacy by Design am Beispiel Facebook - owasp

Web Application Vulnerability Testing with Nessus - owasp

Pentesting Mobile Applications - Tony Liu & Rainman Wu - owasp

Herramientas Para AnÃ¡lisis EstÃ¡tico De Seguridad - owasp

Advanced CSRF and Stateless Anti-CSRF - owasp

Pruebas de Seguridad en aplicaciones web segun OWASP

Extract - Database Security Use strongly typed parameterized queries Utilize input validation and output encoding and be sure to address meta characters. If these fail, do not run the database command Ensure that variables are strongly typed The application should use the lowest possible level of privilege when accessing the database Use secure credentials for database access Do not provide connection strings or credentials directly to the client. If this is unavoidable, encrypted them Use stored procedures to abstract data access Close the connection as soon as possible Remove or change all default database administrative passwords. Utilize strong passwords/phrases or implement multi-factor authentication Turn off all unnecessary database functionality (e.g., unnecessary stored procedures or services, utility packages, install only the minimum set of features and options required (surface area reduction)) OWASP 8

Using the guide Scenario #1: Developing Guidance Documents Coding Practices Guiding Principles What to do How to do it General Security Policies Application Security Procedures Application Security Coding Standards OWASP 9

Page 1 and 2: OWASP Secure Coding Practices Quick
Page 3 and 4: Project Structure / Localizations
Page 5 and 6: Sections of the Guide The bulk of
Page 7: Checklist Practices Short and to t
Page 11 and 12: Using the guide continued Scenario
Page 13 and 14: A Secure Development Framework Guid

OWASP Project:Secure Coding Quick Reference Guide

Create successful ePaper yourself

Delete template?

Save as template?